[nmglug] Questions about claiming

ABQLUG community at abqlug.com
Wed Sep 2 18:38:37 PDT 2020

Hey John et al,

I totally high-jacked this thread, sorry!

Having deployed Jitsi-meet, I feel comfortable saying that security is 
not really a priority for the Jitsi team. I'm not complaining, I just 
don't have that kind of confidence yet.

My current understanding of what makes something HIPAA certified is 
actually pretty open to interpretation.

There are lists you can google to see what makes something compliant. 
They pretty much just expect the traffic and data to be encrypted. With 
a "strong" firewall and good intrusion detection set up.

Looking up HIPAA compliance for Managed Service Providers is a lot 
harder to find good info though...

I can't tell if you have to pay someone to have the ability to legally 
say that you are "able to provide X with HIPAA complaince".

But if there was some form of "pay-to-play" to become HIPAA compliant, 
wouldn't that be easier to find?

Maybe I'm wrong, I would love to know.

~ Jared

On Sep 2 2020 3:01 PM, John Osmon wrote:
> On Wed, Sep 02, 2020 at 02:20:55PM -0600, ABQLUG wrote:
>> [...]    would a self-hosted
>> Jitsi-meet server be considered to be HIPPA-compliant if there is an
>> active firewall? I wonder...
> Would it be as safe?  Probably.
> It is only HIPPA compliant when someone has been paid to check off
> the box that says it is compliant.
> Never confuse security with compliance.  :-)
> _______________________________________________
> nmglug mailing list
> nmglug at lists.nmglug.org
> http://lists.nmglug.org/listinfo.cgi/nmglug-nmglug.org

More information about the nmglug mailing list